ClaimLeak
ResourcesContactSign InGet Started

Privacy Policy

Last updated: March 17, 2026

ClaimLeak (“we,” “us,” or “our”) is operated by 98 Holdings. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the ClaimLeak platform, website, and services (collectively, the “Service”). By accessing or using the Service, you agree to the terms of this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

  • Account Information: When you create an account, we collect your full name, email address, company name, and password.
  • Organization Information: Organization name, team member details, and role assignments.
  • Claim Data: Insurance estimates, contractor estimates, claim numbers, property addresses, insurance company names, and any documents you upload to the platform (PDFs, spreadsheets, and CSVs).
  • Payment Information: When you subscribe to a paid plan, payment is processed by Stripe. We do not store your credit card numbers, bank account numbers, or full payment details on our servers. Stripe handles all payment data in accordance with PCI-DSS standards.
  • Communications: Messages you send through our live chat support, emails, or other contact methods.

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, claim activity, timestamps, and interaction patterns within the platform.
  • Device and Browser Data: IP address, browser type and version, operating system, device type, and screen resolution.
  • Analytics Data: We use PostHog for product analytics to understand how users interact with the platform and to improve the user experience.
  • Live Chat Data: We use Crisp for live chat support. When you are logged in, your name, email, organization name, and subscription tier are shared with Crisp to provide personalized support.

1.3 Information from Third Parties

  • Authentication Providers: If you use third-party sign-in methods, we receive your name and email from the authentication provider.
  • Invitation Data: If you are invited to an organization by another user, we receive your email address from the inviting user.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service, including document parsing, estimate comparison, scope analysis, code intelligence analysis, supplement generation, and contractor RFP generation.
  • Process your subscription payments and manage your account.
  • Send you transactional communications such as account confirmations, team invitations, and billing notifications.
  • Provide customer support through live chat and email.
  • Analyze usage patterns to improve the platform, fix bugs, and develop new features.
  • Detect, prevent, and address fraud, security issues, and technical problems.
  • Comply with applicable laws and legal obligations.

3. AI and Document Processing

ClaimLeak uses artificial intelligence (powered by Anthropic's Claude API) to parse uploaded documents, compare estimates, detect claim types, perform scope gap analysis, and generate supplement letters. When you upload documents:

  • Document content is sent to Anthropic's API for processing. Anthropic's data usage policies apply to this processing.
  • We do not use your uploaded documents or claim data to train AI models.
  • Parsed data and analysis results are stored in our database and are accessible only to authorized members of your organization.
  • Uploaded files are stored securely in Supabase Storage and are accessible only through your authenticated account.

4. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

  • Service Providers: We share data with third-party service providers who help us operate the Service, including:
    • Supabase — database hosting and file storage
    • Vercel — application hosting
    • Stripe — payment processing
    • Anthropic (Claude) — AI document processing
    • PostHog — product analytics
    • Crisp — live chat support
  • Organization Members: If you belong to an organization, other authorized members of that organization can view claims and data within the shared workspace according to their assigned role permissions.
  • Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Storage and Security

  • Your data is stored on servers in the United States using Supabase (hosted on AWS) and Vercel.
  • We implement industry-standard security measures including encrypted connections (TLS/SSL), role-based access controls, and secure authentication through Supabase Auth.
  • Passwords are hashed and never stored in plaintext.
  • Access to your claim data is restricted to authenticated members of your organization based on assigned roles.
  • While we take reasonable measures to protect your information, no method of electronic storage is 100% secure.

6. Data Retention

  • Your account information and claim data are retained for as long as your account is active.
  • If you cancel your subscription, your account reverts to the free tier and your existing data remains accessible.
  • If you request account deletion, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention or legal compliance).
  • Organization-level audit logs are retained for the life of the organization.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Data Portability: Request your data in a machine-readable format.
  • Opt-Out of Analytics: You can disable analytics tracking through your browser settings or by using a browser extension that blocks tracking scripts.

To exercise any of these rights, contact us at sales@claimleak.com.

8. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Authentication session management and security. These are required for the platform to function.
  • Analytics Cookies: PostHog analytics to understand usage patterns and improve the platform.
  • Live Chat Cookies: Crisp uses cookies to maintain chat sessions and identify returning users.

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using the Service.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will take steps to delete that information promptly.

10. International Data Transfers

If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States and the application of U.S. law regarding data processing.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

See also: Terms & Conditions